Dmitry Vyukov

The syz-ci part of this is #1770. Support for immediate rebuilding needs to be done in syz-ci first (it's what builds kernels). And it may be enough for rare rebuild...

Hi @heatd, > Does this sound wanted and feasible? Per se it should be feasible provided you build syzkaller as UEFI application. > From what I can gather, there isn't...

I don't know how exactly you want to do this. But if you want to build the guest part of syzkaller as UEFI application, it may be hard because currently...

> My idea was to use something like Fuchsia's HostFuzzer Yes, this may work. > Actually, one more question: How does syzkaller pass stuff to the VM? Does it just...

@mspecter This is great! Maybe a bit late to point out, but we have this rough prototype: https://github.com/google/syzkaller/blob/master/tools/syz-declextract/syz-declextract.cpp If you did something with clang before, then it's probably of no...

As soon as you have something that converts a C struct to a basic syzkaller form, we can start merging. I think it's important to figure out and agree on...

Another high-level question is how to split code between C++ and Go. I would prefer that we have most of the logic in Go because we already have machinery to...

> along with a few Go->C++ bindings to actually create nodes and serialize them out; doing something like an AST->AST conversion. Do you want to call Go from C++, or...

I've added descriptions of 7 main Linux kernel interfaces that I know of: https://github.com/google/syzkaller/issues/590#issue-321091966 Anything else I am missing? @mspecter

A related functionality that may be easy to build on top is collecting set of functions reachable from syscalls. This would be useful to provide meaningful % of covered code...